Cybersecurity Series

CIR Team: Maintain Strong Cyber Security Processes and Functions

With roles and responsibilities identified to manage cybersecurity incident response (CIR), the respective IT-related teams, namely, the Information, IT and Cyber Security Teams, will perform the activities to ensure the organization can manage the cybersecurity program effectively.

Organizations vary in size, nature, and business processes, so the set of cybersecurity processes and functions they maintain must be customized to the organization's needs.

Reference: Chapter 3 What Are the Typical IT Teams Handling Security for IT? 3.5 Processes and Functions

Moh Heng Goh


CIR Team

Maintain Strong Cybersecurity Processes and Functions

With roles and responsibilities identified, the activities each team performs to ensure the organization can manage the cyber security program effectively are spelt out in Figure 3-5. As organizations vary in size, nature, business processes, and the like, processes/functions must be customized to the organization's needs.

 

Processes/Functions

Information Security

IT Security

Cyber Security

  • Emulate attacks to find flaws within defences so rectification can be made.
  • Defend against Red Team/cyber security attacks to constantly improve security posture.
  • Exchange information continuously between the Red and Blue Teams to improve continually.
  • Purple team (if necessary) facilitates continuous integration.

-

-

  • Identify critical organizational and technological infrastructures.
  • Identify cyber security threats that affect these infrastructures.
  • Identify business functions that are utilizing these infrastructures.
  • Develop mitigation/response measures.

-

-

  • Manage Information Risk
  • Value Asset Inventory
  • Manage Third-Party Risks
  • Gather Threat Intelligence and Analysis
  • Take advantage of Analytics
  • Execute Data Management
  • Perform Process Optimisation and Agile Controls

-

-

Figure 3-5: Process and Functions Undertaken by the Type of Teams

Common Processes/Functions Performed by the Three Teams


  • Perform risk assessment
  • Identify business functions and impacts
  • Develop/Implement mitigation/response measures
  • Test and exercise plan
  • Engage with third parties
  • Audit plan and third parties' plan
  • Create awareness
  • Build culture


A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.


Note: This version was the draft 2nd Edition being updated in 2023. The number in the square brackets [X-X] cross-refers to the actual chapter and section in the 1st Edition.

 
